Google Apps Technical Transition Guide

For Business, Education, and Government

Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 www.google.com

Part number: GATTG_1.1

March 22, 2012
Copyright 2012 Google, Inc. All rights reserved. Google, the Google logo, Google Apps, Google Apps Mail, Google Docs, Google Calendar, Google Sites, Google Video, Google Talk, Gmail, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the Postini logo are trademarks, registered trademarks, or service marks of Google Inc. All other trademarks are the property of their respective owners. Use of any Google solution is governed by the license agreement included in your original contract. Any intellectual property rights relating to the Google services are and shall remain the exclusive property of Google, Inc. and/or its subsidiaries (Google). You may not attempt to decipher, decompile, or develop source code for any Google product or service offering, or knowingly allow others to do so. Google documentation may not be sold, resold, licensed or sublicensed and may not be transferred without the prior written consent of Google. Your right to copy this manual is limited by copyright law. Making copies, adaptations, or compilation works, without prior written authorization of Google. is prohibited by law and constitutes a punishable violation of the law. No part of this manual may be reproduced in whole or in part without the express written consent of Google. Copyright by Google Inc. Google provides this publication as is without warranty of any either express or implied, including but not limited to the implied warranties of merchantability or fitness for a particular purpose. Postini, Inc. may revise this publication from time to time without notice. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions; therefore, this statement may not apply to you.

Google Apps Technical Transition Guide

Contents

Introduction.......................................................................................................... 7 Who is this guide for? ............................................................................................ 7 What does this guide cover? ................................................................................. 7 Should I work with a Google Apps partner? .......................................................... 8 Additional resources and support .......................................................................... 8 Provide feedback for this guide ............................................................................. 8 Disclaimer for third-party product configurations ................................................... 8 Chapter 1: Transition Overview ......................................................................... 9 Transitioning a company of 250+ employees ........................................................ 9 The Core IT phase ........................................................................................ 10 The Early Adopters phase............................................................................. 10 The Global Go Live phase ............................................................................ 10 Recommended order of tasks per phase ...................................................... 11 Transitioning a company of fewer than 250 employees ...................................... 15 Week 1 .......................................................................................................... 16 Week 2 .......................................................................................................... 16 Week 3 .......................................................................................................... 17 Week 4 .......................................................................................................... 17 Chapter 2: Change Management...................................................................... 21 Core IT................................................................................................................. 21 Designate a change management coordinator ............................................. 21 Educate employees about your Google Apps transition ............................... 21 Identify change impacts ................................................................................ 22 Determine a web browser policy ................................................................... 22 Select your early adopters ............................................................................ 23 Early Adopters ..................................................................................................... 23 Decide on a go-live date and inform your employees ................................... 23 Plan your go-live help desk operations ......................................................... 24 Continue educating employees about your transition ................................... 24 Global Go Live..................................................................................................... 24 Run your go-live help desk............................................................................ 24

Contents

Chapter 3: Domain Management...................................................................... 25 Core IT................................................................................................................. 25 Verify your primary domain with Google Apps .............................................. 25 Verify additional domains with Google Apps (optional)................................. 25 Set up a subdomain for mail routing ............................................................. 25 Global Go Live..................................................................................................... 26 Remove the mail routing subdomain............................................................. 26 Chapter 4: User Account Migration ................................................................. 27 Core IT................................................................................................................. 27 Add your IT team to Google Apps manually ................................................. 27 Early Adopters ..................................................................................................... 28 Begin provisioning users ............................................................................... 28 Migrate shared contacts................................................................................ 29 Global Go Live..................................................................................................... 29 Finish provisioning users............................................................................... 29 Migrate distribution lists into Google Groups ................................................ 29 Continue maintaining user accounts ............................................................. 29 Chapter 5: Mail Data Migration......................................................................... 31 Core IT................................................................................................................. 31 Determine which mail migration tool to use .................................................. 31 Early Adopters ..................................................................................................... 32 Begin migrating user mail data...................................................................... 32 Migrate shared contacts................................................................................ 32 Global Go Live..................................................................................................... 33 Finish migrating user mail data ..................................................................... 33 Chapter 6: Mail Routing .................................................................................... 35 Core IT................................................................................................................. 35 Set up dual delivery....................................................................................... 35 Determine your final mail routing design....................................................... 36 Set up standalone Google Message Security (optional) ............................... 37 Early Adopters ..................................................................................................... 37 Set up split delivery ....................................................................................... 37 Global Go Live..................................................................................................... 39 Finalize your mail routing solution................................................................. 39 Chapter 7: Calendar Migration ......................................................................... 41 Core IT................................................................................................................. 41 Decide whether to migrate user calendar data ............................................. 41 Early Adopters ..................................................................................................... 41 Begin provisioning calendar resources (recommended)............................... 41 Begin migrating user calendar data (optional) .............................................. 42 Share free/busy information across systems (optional) ................................ 42 Global Go Live..................................................................................................... 43 Provision remaining calendar resources ....................................................... 43 Finish migrating user calendar data (optional) .............................................. 43 Chapter 8: Mobile Configuration...................................................................... 45 Core IT................................................................................................................. 45 Determine your companys mobile IT strategy.............................................. 45 Test basic mobile connectivity to Google Apps............................................. 45

Google Apps Enterprise Pilot Guide

Early Adopters ..................................................................................................... 46 Configure Android devices (Android) ............................................................ 46 Configure BlackBerry support (BlackBerry) .................................................. 46 Configure iOS devices (iOS) ......................................................................... 47 Enforce device policy (all devices) ................................................................ 48 Integrate mobile security apps (all devices) .................................................. 48 Global Go Live..................................................................................................... 48 Schedule a mobile deployment day .............................................................. 48 Staff your mobile deployment day................................................................. 49 Chapter 9: User Policies ................................................................................... 51 Core IT................................................................................................................. 51 Determine a web browser policy ................................................................... 51 Set up YouTube for Schools (optional) ......................................................... 51 Chapter 10: Authentication and Authorization ............................................... 53 Core IT................................................................................................................. 53 Decide whether to add auth services ............................................................ 53 Decide whether to enable 2-step verification ................................................ 53 Early Adopters ..................................................................................................... 54 Test auth services (optional) ......................................................................... 54 Global Go Live..................................................................................................... 54 Launch auth services (optional) .................................................................... 54 Chapter 11: Post-Transition Topics................................................................. 55 Keep up with whats new ..................................................................................... 55 Become a Google Apps expert............................................................................ 55 Learn more about mobile configuration ............................................................... 56 Consult the Google Apps Help Center ................................................................ 56

Contents

Google Apps Enterprise Pilot Guide

Introduction

Who is this guide for?

This guide is for you if any of the following applies: Youll be helping your company transition to Google Apps from another messaging platform (such as Microsoft Exchange). Youre curious about making the switch to Google Apps and want to learn more about the transition process before deciding.

This guide is most applicable to Google Apps transitions for companies of 50 or more employees. If your company has fewer than 50 employees, be sure to read the Small Business Resources provided in the Google Apps Deployment Resource Center. Your transition may be simple enough that you can complete it with the Google Apps setup wizard.

What does this guide cover?

The amount of time and effort required to transition your company to a new enterprise solution can seem stressfully unclear. This guide seeks to eliminate that stress by explicitly outlining the Google Apps transition process, which typically uses a simple, three-phase approach. Youll understand the major steps for migrating each of the components of your legacy system, including user accounts, mail, calendar data, and mobile devices. Youll also learn the approximate level of effortlow, moderate, or highrequired for each step. Links to the definitive documentation resources for each step are included, so youll know exactly what to do when the time comes.

Should I work with a Google Apps partner?

In short, yes. Google Apps partners are experts in all aspects of a Google Apps transition, and working with one will ensure that your transition is smooth and speedy. Working with a partner is particularly valuable if your legacy system includes complex configurations that this guide doesnt account for.

Additional resources and support

The latest version of this guide is available here: http://www.google.com/support/ enterprise/static/gapps/docs/admin/en/gapps_transition/ gapps_transition_guide.pdf Visit the Google Apps Deployment Resource Center (http:// deployment.googleapps.com) for more information on everything related to your Google Apps transition. To contact Google Apps support via phone or email, visit the Enterprise Support page in the Google Apps Admin Help Center.

Provide feedback for this guide

Google values your feedback; if you have comments about this guide, wed love to read them. Please provide them in our feedback form.

Disclaimer for third-party product configurations

Parts of this guide describe how Google products work with Microsoft Exchange and the configurations that Google recommends. These instructions are designed to work with the most common Microsoft Exchange scenarios. Any changes to Microsoft Exchange configuration should be made at the discretion of your Microsoft Exchange administrator. Google does not provide technical support for configuring mail servers or other thirdparty products. In the event of a Microsoft Exchange issue, you should consult your Microsoft Exchange administrator. GOOGLE ACCEPTS NO RESPONSIBILITY FOR THIRD-PARTY PRODUCTS. Please consult the product's Web site for the latest configuration and support information. You may also contact Google Solutions Providers for consulting services.

Google Apps Technical Transition Guide

Chapter 1

Transition Overview

Chapter 1

Each task associated with your Google Apps transition corresponds to one of three categories: technical configuration, change management, or project management. Before you begin your Google Apps transition, you should designate an appropriate individual in your organization to lead each of these three initiatives. Technical configuration encompasses the technical tasks required to migrate your users and data from your legacy system to Google Apps. Your IT team is primarily responsible for this initiative. Change management consists of corporate communication and user education for your transition. Change management coordinators post company announcements, distribute user documentation, and organize training courses for users. Project management consists of coordinating and communicating the progress of the other teams responsible for your transition. Project managers interface with Google Apps partners, the IT team, change management coordinators, and executives to ensure that everything is running smoothly and on schedule.

This guide focuses primarily on the technical configuration portion of your Google Apps transition, although it does touch on the other two as well. For more in-depth information on change management and project management, consult the resources on the Google Apps Deployment Resource Center.

Transitioning a company of 250+ employees

For a company of 250 or more employees, a standard Google Apps transition is divided into three phases of roughly equal length:

Each phase is usually four weeks long, although this varies somewhat with the size of your company and the specifics of your legacy system. The transition is usually complete within 90 days. During each of the three phases, you configure more Google Apps features, migrate more data from your legacy system, and move more of your users to Google Apps.

The Core IT phase

Only members of your IT team begin using Google Apps during the Core IT phase. This gives your IT team the opportunity to familiarize themselves with Google Apps and plan the next two phases. Your IT team begins receiving their mail in Google Apps, but no migration of legacy data occurs. During this phase, change management coordinators send out communications to inform the company of your upcoming transition. They also select 5 to 10 percent of your employees to serve as Google Apps early adopters for the next phase. Your users dont experience any changes to their workflow yet.

The Early Adopters phase

5 to 10 percent of your company begins using Google Apps during the Early Adopters phase. These early adopters are a cross section of your company that includes representatives of as many roles and office locations as possible. You begin migrating data from your legacy system, including user accounts, mail, and calendar data, during this phase. The purpose of this phase is for you to perform a full Google Apps transition for a comparatively small number of users, as a proof of concept. The Early Adopters phase is not a watered-down test drive; with the exception of a few services that you dont enable until the final phase, the Google Apps experience for your early adopters is complete. Change management coordinators begin sending out user documentation and running training sessions during this phase. You should familiarize as many employees as possible with Google Apps before the Global Go Live phase.

The Global Go Live phase

By the end of the Global Go Live phase, your entire company is living on Google Apps. The primary task during this phase is to troubleshoot issues that arise while the rest of your users acclimate to their new workflow. To help ease the transition, your IT team holds open office hours, and your early adopters can serve as Google Guides, answering basic questions from their peers and directing more advanced questions to your IT team.

10

Google Apps Technical Transition Guide

Moving forward after this phase is complete, you should continue to improve the Google Apps experience for your users by teaching them advanced features and staying informed about the latest updates. See Post-Transition Topics (p. 55) for useful post-transition resources.

Recommended order of tasks per phase

The outline below shows the recommended order of tasks to perform during each phase of your Google Apps transition. The remaining chapters of this guide describe these tasks in further detail, and provide links to the primary documentation resources for them. These tasks should be completed by your IT team, with the exception of tasks under the Change Management topic, which should be completed by your change management team. Click any task below to navigate to its discussion.

Task

Topic

1 Verify your primary domain with Google Apps (p. 25) 2 Verify additional domains with Google Apps (optional) (p.
25)

Domain Management Domain Management User Account Migration Domain Management Mail Routing User Policies Change Management

3 Add your IT team to Google Apps manually (p. 27) 4 Set up a subdomain for mail routing (p. 25) 5 Set up dual delivery (p. 35) 6 Determine a web browser policy (p. 51) 7 Designate a change management coordinator (p. 21)
21)

8 Educate employees about your Google Apps transition (p. Change Management 9 Select your early adopters (p. 23) 10 Identify change impacts (p. 22) 11 Determine your companys mobile IT strategy (p. 45) 12 Test basic mobile connectivity to Google Apps (p. 45) Change Management Change Management Mobile Configuration Mobile Configuration

Transition Overview

11

Task

Topic

13 Set up standalone Google Message Security (optional) (p. Mail Routing

37)

14 Determine your final mail routing design (p. 36) 15 Determine which mail migration tool to use (p. 31) 16 Decide whether to migrate user calendar data (p. 41) 17 Set up YouTube for Schools (optional) (p. 51) 18 Decide whether to add auth services (p. 53) 19 Decide whether to enable 2-step verification (p. 53)

Mail Routing Mail Data Migration Calendar Migration User Policies Authentication and Authorization Authentication and Authorization

12

Google Apps Technical Transition Guide

Task

Topic

1 Begin provisioning users (p. 28) 2 Set up split delivery (p. 37) 3 Begin migrating user mail data (p. 32) 4 Begin migrating user calendar data (optional) (p. 42)
41)

User Account Migration Mail Routing Mail Data Migration Calendar Migration

5 Begin provisioning calendar resources (recommended) (p. Calendar Migration 6 Share free/busy information across systems (optional) (p. Calendar Migration
42)

7 Decide on a go-live date and inform your employees (p.

23)

Change Management Change Management Change Management Mobile Configuration Mobile Configuration Mobile Configuration Mobile Configuration Mobile Configuration Mobile Configuration Authentication and Authorization

8 Continue educating employees about your transition (p.

24)

9 Plan your go-live help desk operations (p. 24) 10 Schedule a mobile deployment day (p. 48) 11 Configure BlackBerry support (BlackBerry) (p. 46) 12 Configure Android devices (Android) (p. 46) 13 Configure iOS devices (iOS) (p. 47) 14 Enforce device policy (all devices) (p. 48) 15 Integrate mobile security apps (all devices) (p. 48) 16 Test auth services (optional) (p. 54)

Transition Overview

13

Task

Topic

1 Finish provisioning users (p. 29) 2 Finish migrating user mail data (p. 33) 3 Finish migrating user calendar data (optional) (p. 43) 4 Provision remaining calendar resources (p. 43) 5 Launch auth services (optional) (p. 54) 6 Finalize your mail routing solution (p. 39) 7 Run your go-live help desk (p. 24) 8 Staff your mobile deployment day (p. 49) 9 Continue maintaining user accounts (p. 29)

User Account Migration Mail Data Migration Calendar Migration Calendar Migration Authentication and Authorization Mail Routing Change Management Mobile Configuration User Migration

14

Google Apps Technical Transition Guide

Transitioning a company of fewer than 250 employees

If your company has fewer than 250 employees, you may be able to complete your transition within 30 days instead of 90. In order for this fast-track transition to be feasible, none of the following should apply to you: You are migrating more than one domain to Google Apps. You are adding OpenID and OAuth auth services to your system. You are setting up single sign-on. You have an on-premise BlackBerry Enterprise Server that you want to maintain after your transition.

If any of the above does apply to you, you should proceed with the three-phase deployment described in Transitioning a company of 250+ employees (p. 9). If you believe your companys infrastructure is lightweight enough for a fast-track transition, your week-by-week breakdown of tasks should closely resemble the following:

Transition Overview

15

Week 1
Task Topic

1 Verify your primary domain with Google Apps (p. 25) 2 Add your IT team to Google Apps manually (p. 27) 3 Set up a subdomain for mail routing (p. 25) 4 Set up dual delivery (p. 35)
21)

Domain Management User Account Migration Domain Management Mail Routing

5 Educate employees about your Google Apps transition (p. Change Management 6 Begin provisioning users (p. 28) 7 Determine which mail migration tool to use (p. 31) 8 Begin migrating user mail data (p. 32) 9 Begin migrating user calendar data (optional) (p. 42)
41)

User Account Migration Mail Data Migration Mail Data Migration Calendar Migration

10 Begin provisioning calendar resources (recommended) (p. Calendar Migration 11 Determine a web browser policy (p. 51) 12 Determine your companys mobile IT strategy (p. 45) 13 Test basic mobile connectivity to Google Apps (p. 45) 14 Decide whether to enable 2-step verification (p. 53) User Policies Mobile Configuration Mobile Configuration Authentication and Authorization

Week 2
Task Topic

1 Finish provisioning users (p. 29) 2 Finish migrating user mail data (p. 33) 3 Finish migrating user calendar data (optional) (p. 43) 4 Provision remaining calendar resources (p. 43) 5 Set up YouTube for Schools (optional) (p. 51)

User Account Migration Mail Data Migration Calendar Migration Calendar Migration User Policies

16

Google Apps Technical Transition Guide

Task

Topic

6 Decide on a go-live date and inform your employees (p.

23)

Change Management Change Management Mobile Configuration

7 Plan your go-live help desk operations (p. 24) 8 Schedule a mobile deployment day (p. 48)

Week 3
Task Topic

1 Set up standalone Google Message Security (optional) (p. Mail Routing

37)

2 Finalize your mail routing solution (p. 39) 3 Configure BlackBerry support (BlackBerry) (p. 46) 4 Configure Android devices (Android) (p. 46) 5 Configure iOS devices (iOS) (p. 47) 6 Enforce device policy (all devices) (p. 48) 7 Integrate mobile security apps (all devices) (p. 48) 8 Run your go-live help desk (p. 24)

Mail Routing Mobile Configuration Mobile Configuration Mobile Configuration Mobile Configuration Mobile Configuration Change Management

Week 4
Task Topic

1 Run your go-live help desk (p. 24) 2 Staff your mobile deployment day (p. 49) 3 Complete any remaining tasks from previous weeks

Change Management Mobile Configuration

Transition Overview

17

Note: The remaining chapters of this guide describe the tasks associated with each

aspect of your technical transition, organized by phase. If you are performing a 30-day transition, the organization by phase does not apply to you, but the description of each task is equally valid.

18

Google Apps Technical Transition Guide

Transition Overview

19

20

Google Apps Technical Transition Guide

Chapter 2

Change Management

Chapter 2

Change management is all about ensuring that your Google Apps transition is a smooth process for your users. This element of your transition is just as critical as ensuring that your legacy data migrates properly; be sure to dedicate sufficient resources to it. This guide is not intended as the definitive resource for change management during your Google Apps transition. Be sure to visit the Google Apps Deployment Resource Center for more resources on change management strategies during your transition.

Core IT
Designate a change management coordinator
Level of Effort: Low

Ensure the success of your change management efforts by selecting a member of your team to coordinate the process through all three phases. Change management coordinators post company announcements, distribute user documentation, and organize training courses for users who are new to Google Apps.

Educate employees about your Google Apps transition

Level of Effort: Moderate

You should make sure your entire company is aware of the changes that are coming to their workflow in the coming weeks. You can begin educating your users with the following resources:

21

Send an announcement email to your company with the transition announcement template. Customize posters with the Going Google poster templates and hang them around your office as your go-live date approaches. The Google Apps Learning Center site template contains links to numerous helpful resources for new users, including training videos. You can customize the appearance of this template with your own company logo and a message from an executive to improve the user experience. Setting up the template also helps familiarize you and your users with Google Sites. In addition to linking your users to the Google Apps Learning Center, you should send out the guides it contains on a regular basis leading up to your go-live date. Structuring your users learning process will help ensure that theyre ready for the transition.

Many more user resources, such as email templates and user guides that you can send to your employees during your transition, are available at the Google Apps Deployment Resource Center.

Identify change impacts

Level of Effort: Moderate

You can reduce stress for your users by proactively identifying impacts to your companys existing processes. Work with your IT team to determine a course of action for each of these impacts, and devise a strategy for communicating them to your company.

Determine a web browser policy

Level of Effort: Low

Because Google Apps services are accessed primarily from a browser, you should establish a policy regarding the browser(s) that your IT team supports. Google Chrome provides the best Google Apps experience for both admins and users, with additional features that include the following: Desktop notifications Offline Gmail, along with other extensions available in the Chrome web store Advanced organization-wide policy controls, as described at http:// www.chromium.org/administrators

If your legacy system includes web applications that run only on older browsers, you should continue to support an older browser for those applications, along with Google Chrome for Google Apps.

22

Google Apps Technical Transition Guide

Read Supported browsers for information on your browser options.

Select your early adopters

Level of Effort: Low

Five to ten percent of your users transition to Google Apps before the rest of your users do. This intermediate phase lets your IT team test your anticipated transition process on a smaller, more flexible group of users. When selecting early adopters for your transition, keep the following criteria in mind: Your early adopters should represent as many of your companys roles and office locations as possible. If any of your executives are early adopters, their administrative assistants and direct reports should also be early adopters, if possible. If your company is sufficiently large (250+ employees), early adopters should be willing to act as Google Guides during the Global Go Live phase. Google Guides champion Google Apps to your company and help their coworkers get up to speed quickly. Learn more about the Google Guides program.

Early adopters should feel comfortable coexisting on two communication platforms. They should also be comfortable with the occasional hiccup that may occur while youre migrating data and configuring Google Apps. Ideally, early adopters have prior experience with Google products.

Give your employees plenty of opportunity to volunteer to be an early adopter. The employees that are most excited about your upcoming transition typically make the best early adopters.

Early Adopters
Decide on a go-live date and inform your employees
Level of Effort: Low

Be sure to let your company know your Google Apps go-live date well ahead of time. This is the date during the Global Go-Live phase when all of your users must switch over to Google Apps. Users need plenty of advance notice of this date to help prevent bottlenecks at your help desk when the day arrives.

Change Management

23

Plan your go-live help desk operations

Level of Effort: Moderate

You may see an increase in help desk requests in the days surrounding your go-live date. Make sure you coordinate with your entire IT staff and any Google Guides to ensure that youll have sufficient coverage and proper issue triage in place for all teams and locations. Read the resources on the Helpdesk training page of the Google Apps Deployment Resource Center for more information on setting up your help desk.

Continue educating employees about your transition

Level of Effort: Moderate

Make sure your employees continue to stay informed about the timeline for your transition, and are accessing the training content listed in Educate employees about your Google Apps transition (p. 21).

Global Go Live
Run your go-live help desk
Level of Effort: High

Your IT teamalong with any Google Guidesis out in full force during this phase, assisting your employees with their transition to Google Apps. Google Guides answer as many basic questions as possible while directing more complex issues to your IT team.

24

Google Apps Technical Transition Guide

Chapter 3

Domain Management

Chapter 3

Core IT
Verify your primary domain with Google Apps
Level of Effort: Low

You cant activate any Google Apps services for your domain until you verify your domain ownership, so you should complete this step as soon as possible. You have several easy options for verifying your domain. Read Verify domain ownership to learn how to verify your domain with Google Apps.

Verify additional domains with Google Apps (optional)

Level of Effort: Low

If your company includes users across multiple domains, and you plan to maintain your multiple-domain structure after your transition, you should verify your additional domains as well. Read Manage multiple domains with Google Apps for an overview of multiple domain management in Google Apps. Read Limitations for multiple domains to learn about what isnt supported for multiple domains in Google Apps.

Set up a subdomain for mail routing

Level of Effort: Low

25

The mail routing configurations youll set up during your transition require a subdomain to route email from your legacy system to Google Apps. You typically add a subdomain as a domain alias to the primary domain of your Google Apps account. For example, the domain alias for the primary domain domain.com could be apps.domain.com. Read Add domains and domain aliases to learn how to set up a subdomain in Google Apps.

Global Go Live
Remove the mail routing subdomain
Level of Effort: Low

Now that all of your employees are living on Google Apps, you dont need a subdomain to route mail from your legacy system. Read Remove a domain or domain alias to learn how to remove your mail routing subdomain.

26

Google Apps Technical Transition Guide

Chapter 4

User Account Migration

Chapter 4

Core IT
Add your IT team to Google Apps manually
Level of Effort: Low

Your administrator manually creates Google Apps accounts for your IT team during the Core IT phase. No user account data is migrated from your legacy system yet. Depending on the number of users youre planning to add during this phase, you can choose to add users one at a time or in bulk. Read Add a new user to learn how to add Google Apps users one at a time. Read Upload many users at once to learn how to add Google Apps users in bulk with a CSV file.

After youve created user accounts for your IT team, youll want to make some or all of them administrators to help distribute administrative responsibilities. You have finegrained control over the administrator privileges you grant each team member. Read Give a user administrator privileges to learn how to create additional administrator accounts:

27

Early Adopters
Begin provisioning users
You begin provisioning user accounts for your entire company during this phase, even though only your early adopters begin living on Google Apps. Provisioning the majority of your users during this phase has the following advantages: Employees have an opportunity to familiarize themselves with Google Apps before they begin living on it. In larger companies, provisioning users early helps prevent bottlenecks later on.

The recommended process for provisioning Google Apps users depends on your legacy system.

Provisioning users from an LDAP server

Level of Effort: Moderate

If your legacy system stores user data on an LDAP server, such as Microsoft Active Directory or Lotus Domino, you can automatically provision users, groups, and nonemployee contacts in Google Apps from that data with the Google Apps Directory Sync (GADS) tool. GADS dynamically adds and deletes user accounts in Google Apps to match your legacy systems organizational schema. Read Google Apps Directory Sync, along with the GADS Administration Guide, to learn about installing and using GADS. Google Apps if your company uses a compatible LDAP server.

Note: It is strongly recommended that you use GADS to provision your users in

Provisioning users from other sources

Level of Effort: High

If your user data is not stored in an LDAP server that is compatible with GADS, you can provision users from your user store with the Google Apps provisioning API. This is the same API that GADS uses behind the scenes to provision Google Apps users. The provisioning API is provided as a RESTful web service with convenient wrappers for several languages, including Java and Python. Read the Google Apps Provisioning API Developers Guide to learn about using the provisioning API.

28

Google Apps Technical Transition Guide

Migrate shared contacts

Level of Effort: Low

You should migrate shared contact information for any users and distribution lists that you arent fully activating in Google Apps during this phase. Doing so allows your early adopters to see the shared contact information for all users and distribution lists from within Google Apps.
Note: During the Global Go Live phase, youll migrate your distribution lists into

Google Groups; for now, youll simply migrate their shared contact information. Consult the documentation for your chosen user provisioning tool to learn more about migrating contacts.

Global Go Live
Finish provisioning users
Level of Effort: Moderate

During the Global Go Live phase, youll provision user accounts for any employees that havent been provisioned yet, using the same method you used during the Early Adopters phase.

Migrate distribution lists into Google Groups

Level of Effort: Low

Use your provisioning tool to migrate your legacy systems distribution lists into Google Groups. Google Groups lets users communicate and control access to documents more easily. Read Get Started with Google Groups to learn more about the features it provides.

Continue maintaining user accounts

Level of Effort: Low

Youll continue adding and removing user accounts through your transition and beyond, as employees come and go.

User Account Migration

29

If your system will continue to use an LDAP server after your transition is complete, you should use Google Apps Directory Sync (GADS) to keep your user information up to date. Otherwise, you can manage your users from the Google Apps admin control panel.

30

Google Apps Technical Transition Guide

Chapter 5

Mail Data Migration

Chapter 5

Core IT
You dont migrate any mail data from your legacy system to Google Apps during this phase. Your company (with the exception of your IT team) continues accessing their mail exclusively from your legacy mail system.

Determine which mail migration tool to use

Level of Effort: Low

You should take time during this phase to determine the best mail migration tool for your transition. Your recommended migration tool depends on your legacy system. These recommended tools are server-side applications that require no action from anyone outside your IT team.
Legacy System Microsoft Exchange or an IMAP server (e.g., Gmail or Novell GroupWise) Recommended Tool Google Apps Migration for Microsoft Exchange (GAMME) Download Page GAMME Download Page Documentation GAMME Admin Guide

Lotus Notes

Google Apps Migration for Lotus Notes (GAMLN)

GAMLN Download Page

GAMLN Admin Guide

31

If neither of the recommended tools is suitable for your transition, use one of the following alternatives, according to your needs:
Tool Google Apps Migration for Microsoft Outlook (GAMMO) Caveats Requires user action Learn More Learn More

Google Apps Sync for Microsoft Outlook (GASMO) Google Apps Email Migration API Google Mail Fetcher (POP download)

Users continue using Outlook instead of the Gmail web interface Requires programming Requires POP server, requires user action

Learn More

Learn More Learn More

Early Adopters
Begin migrating user mail data
Level of Effort: Moderate

to High (depending on tool used)

You should migrate mail data for your IT team, your early adopters, and as many additional users as possible during this phase. Most of the migration tools provided by Google allow you to migrate calendars and contacts at the same time you migrate mail. At first, you should migrate mail in batches of five to seven users. Timing these batches helps you get a sense of how long it will take to migrate mail for all of your users. Consult the documentation for the email migration tool you selected during the Core IT phase for more information on migrating your mail.

Migrate shared contacts

Level of Effort: Low

32

Google Apps Technical Transition Guide

You should migrate shared contact information for any users and distribution lists that you arent fully activating in Google Apps during this phase. Doing so allows your early adopters to see the shared contact information for all users and distribution lists from within Google Apps.
Note: During the Global Go Live phase, youll migrate your distribution lists as

Google Groups; for now, youll simply migrate their shared contact information. Consult the documentation for the email migration tool you selected during the Core IT phase for more information on migrating shared contacts.

Global Go Live
Finish migrating user mail data
Level of Effort: Moderate

to High (depending on tool used)

During this phase, youll migrate all mail data you didnt migrate during the Early Adopters phase. Continue to use the same mail migration tool that youve used up to this point.

Mail Data Migration

33

34

Google Apps Technical Transition Guide

Chapter 6

Mail Routing

Chapter 6

Core IT
Set up dual delivery
Level of Effort: Low

Your IT team should use Gmail instead of their legacy mail client as much as possible during this phase, which means they need to begin receiving messages in Gmail. To accomplish this, you configure dual delivery on your legacy system. With dual delivery, incoming messages are delivered to your legacy mail server, which in turn forwards a copy of each message to Gmail. Setting up dual delivery has no impact on your other users.
Note: Make sure youve completed Set up a subdomain for mail routing (p. 25) before

continuing with this step.

35

Read Configure dual delivery to learn more about setting up dual delivery in your environment.

Determine your final mail routing design

Level of Effort: Moderate

After you set up basic dual delivery for your IT team, you should figure out what kind of mail routing design you want in place when your transition is complete. In the simplest and most common case, you transition your mail to Google Apps entirely, and no mail is routed through your legacy system. However, you may need to continue routing some or all mail through your legacy system for one of the following reasons: Your legacy system includes journaling or compliance systems that interact with your legacy mail solution that must remain in place. One or more organizations in your company are not transitioning to Google Apps.

When you decide on a mail routing design, follow the mail routing steps for the remaining phases only if you have not yet reached the design you plan to stick with.

36

Google Apps Technical Transition Guide

Read Mail delivery options to determine which mail routing design is appropriate for your company.

Set up standalone Google Message Security (optional)

Level of Effort: Moderate

There are two forms of Google Message Security powered by Postini (GMS) that you can enable for your domain: integrated and standalone. You configure integrated GMS directly from your Google Apps admin control panel. Integrated GMS provides sophisticated spam and virus protection for your users, but it doesnt support advanced mail routing configurations. You configure standalone GMS from a separate dashboard. In addition to offering spam and virus protection, standalone GMS also allows you to configure complex mail routing rules for your domain. necessity for proper mail routing. If your Google Apps package includes standalone GMS, you should set up your administrator accounts and make sure the tool is properly configured for your legacy system. After GMS is properly configured, all of your incoming mail is routed through it on its way to your legacy system, Google Apps, or both. Read the Message Security Administration Guide to learn how to set up standalone GMS. Read Add an administrator to learn how to add additional admins to standard GMS. Note that adding an administrator to Google Apps does not automatically add that administrator to GMS. If you are still deciding whether to include standalone GMS in your Google Apps package, read Postini Overview to learn more about the advantages it provides:

Note: If your legacy system includes multiple domains, standalone GMS is a

Early Adopters
Set up split delivery
Level of Effort: Moderate

Mail Routing

37

Now that your IT team has been living on Gmail and has had an opportunity to identify and resolve any issues with Gmail in your environment, you can switch your mail routing strategy from dual delivery to split delivery. With split delivery, incoming messages are delivered either to a users Gmail account or to their legacy mail account, depending on the user. This allows your IT team and early adopters to live on Gmail exclusively, without affecting the rest of your users. The way you set up split delivery depends on whether your Google Apps solution includes standalone Google Message Security. If your Google Apps solution includes standalone Google Message Security, read the Message Security Administration Guide to learn how to set up split delivery.

38

Google Apps Technical Transition Guide

If your Google Apps solution does not include Google Message Security, read Mail delivery options - split delivery to learn how to set up split delivery.

Global Go Live
Finalize your mail routing solution
Level of Effort: Low

How you finalize your mail routing solution depends on whether your Google Apps solution includes standalone Google Message Security.

Finalizing mail routing with standalone GMS

Now that your company is living entirely on Google Apps, you can forego split delivery and reconfigure your mail config in GMS to route all messages to Google Apps.

Mail Routing

39

See the Message Security Administration Guide for more information on updating your mail config.

Finalizing mail routing without standalone GMS

Now that your company is living entirely on Google Apps, you can forego split delivery and update your domains MX records to route all incoming mail, both internal and external, directly to Google Apps. Read Configure email delivery to learn how to update your domains MX records.

40

Google Apps Technical Transition Guide

Chapter 7

Calendar Migration

Chapter 7

Core IT
Decide whether to migrate user calendar data
Level of Effort: Low

You should decide during this phase whether you plan to migrate your users legacy calendar data to Google Apps. Legacy calendar data is often less critical for users than legacy mail, and you can help simplify your transition by starting fresh with Google Calendar. If you decide to migrate user calendar data, youll do so while youre migrating mail during the next two phases.

Early Adopters
Your early adopters should live on Google Calendar as much as they can during this phase. Calendar resources that have not been provisioned in Google Calendar must continue to be booked from your legacy system. Keep in mind that Google Calendar free/busy information is not visible from your legacy calendar without additional work. If its critical to your early adopters that they see free/busy information in your legacy system, read Share free/busy information across systems (optional) (p. 42) for more information.

Begin provisioning calendar resources (recommended)

Level of Effort: Low

41

You may choose to provision certain calendar resources (meeting rooms, projectors, and so on) in Google Apps during this phase. If you do, make sure you disable those resources in your legacy system to prevent double bookings. Resources that you provision during this phase should be resources that are used primarily by your early adopters. Users that dont yet have a Google Apps account need to reserve these resources through a user that does. Read Create and name resources to learn how to provision resources from your admin control panel.

Note: If you are migrating from Lotus Notes:

The Google Apps Migration for Lotus Notes tool (GAMLN) can automatically provision resources in Google Apps based on the resources on your Domino server. See the GAMLN administrator guide for more information. You can connect your Google Apps resources to Lotus notes for the duration of your migration. Read Booking Lotus Notes resources from Google Calendar to learn how.

Begin migrating user calendar data (optional)

Level of Effort: Moderate

If youve decided to migrate your users calendar data, you should begin doing so at the same time you begin migrating your mail. See Determine which mail migration tool to use to determine which tool you should use to migrate your mail and calendar data.

Share free/busy information across systems (optional)

Level of Effort: Moderate

Google Apps provides calendar connector tools that enable you to share free/busy information between Google Calendar and your legacy calendar. However, setting up a calendar connector can prolong the duration of your Google Apps transition, and you should set one up only if your users are inconvenienced significantly without it. The calendar connector tool you use depends on your legacy system. If youre migrating from Microsoft Exchange, download and install the Google Calendar connector kit.

42

Google Apps Technical Transition Guide

If youre migrating from Lotus Notes, download and install Google Calendar Connector for Lotus Notes. maintaining two coexisting calendar systems. As soon as all of your users are living on Google Calendar, they should stop using your legacy calendar system.

Note: These calendar connectors are not intended as a permanent solution for

Global Go Live
Provision remaining calendar resources
Level of Effort: Moderate

Now that all of your employees are beginning to live on Google Apps, you should provision all calendar resources in Google Apps that you didnt provision during the Early Adopters phase.

Finish migrating user calendar data (optional)

Level of Effort: Moderate

If youve decided to migrate your users calendar data, you should finish migrating any calendar data that you didnt migrate during the Early Adopters phase.

Calendar Migration

43

44

Google Apps Technical Transition Guide

Chapter 8

Mobile Configuration

Chapter 8

Core IT
When connecting to Google Apps, many organizations use Android devices, which sync natively to Google Apps. Other mobile devices connect to Google Apps with Google Sync. Google Sync uses Microsoft Exchange ActiveSync to let your users synchronize their Google Apps mail, contacts, and calendars to their mobile devices. For more information, see Google Sync Setup Instructions.

Determine your companys mobile IT strategy

Level of Effort: Moderate

You should decide which types of mobile devices you plan to support in your organization. Android devices are easy to connect to Google Apps, whereas iOS devices and BlackBerry devices require additional work. Consult the Mobile Support section of the Google Apps Deployment Checklist to learn about the mobile configuration options you have for non-Android devices. Read Mobile Management to learn about the device policies you can enforce over your mobile fleet. Read Mobile Apps for Enterprise for details on configuring different mobile devices for use with Google Apps.

Test basic mobile connectivity to Google Apps

Level of Effort: Low

Your IT team should test mobile configuration with Google Apps on their mobile devices. During this phase, no additional connectors are needed to access Google Apps mail and calendar through these devices.

45

Android
Set up your Gmail and Calendar apps to sync with your Android device. You can download these apps from Android Market. Android provides the best user experience with Google Apps because its apps sync natively with Google Apps. For more information, see the Google Apps Learning Center.

BlackBerry
Use the BlackBerrys native web browser to sign in to your Google Apps mail. You might decide to set up Google Apps Connector for BlackBerry Enterprise Server during the next phase, but dont set it up at this point, because it requires a high level of effort.

iOS
Use Google Sync to view Google Apps mail and calendar in native iPhone and iPad mail and calendar apps. See Setting up Google Sync with your iOS device for more information.

Early Adopters
Complete the following tasks for the types of mobile devices currently supported by your organization. You have the following three options:

Configure Android devices (Android)

Level of Effort: Low

Your early adopters should configure their Android devices the same way your IT team did in the previous phase.

Configure BlackBerry support (BlackBerry)

Your BlackBerry configuration strategy depends on your legacy system and your organizations needs.

46

Google Apps Technical Transition Guide

Transitioning off of BlackBerry (recommended)

Level of Effort: Moderate

If BlackBerry support is not critical in your organization, transition your BlackBerry users to Android, or to devices that can sync with Google Apps through ActiveSync, like iPhone.

Configuring BlackBerry support without BlackBerry Enterprise Server

Level of Effort: Low

If your company does not have an on-premise BlackBerry Enterprise Server, your BlackBerry users have the following options for accessing Google Apps: Users can set up their device using BlackBerry Internet Service (BIS), which is part of the standard BlackBerry service plan. BIS works with the Email, Calendar, and Contacts apps on BlackBerry, and syncs with Google Apps email, calendar, and contacts. Blackberry Internet Service is provided by RIM and mobile carriers. For information and support, please contact RIM. Users can access Gmail and many other Google products from a mobile browser. In most cases, users can go to m.google.com in their phone's browser, select the product they want to use, and sign in to their Google Apps account.

For more information, see Use Google Apps on BlackBerry.

Configuring BlackBerry support with BlackBerry Enterprise Server

Level of Effort: High

If your company has an existing on-premise BlackBerry Enterprise Server solution and you plan to maintain one after your transition, youll need to set up new BES servers with Google Apps Connector for BlackBerry Enterprise Server and migrate your BlackBerry users to them. If you decide to proceed with this strategy, you should use your BES servers to give your users the native BlackBerry experience, instead of having them access mail through their browser in Google Apps mail. Read Overview of Google Apps Connector to learn more about integrating BES with Google Apps, including system and hardware requirements.

Configure iOS devices (iOS)

Level of Effort: Low

Your early adopters should use Google Sync to view Google Apps mail and calendar in native iPhone and iPad mail and calendar apps.

Mobile Configuration

47

For more information, read Setting up Google Sync with your iOS device.

If your users only want access to their email from their iOS device, they can instead download and install the Gmail app for iOS.

Enforce device policy (all devices)

Level of Effort: Moderate

Decide what mobile policies you want to deploy for your organization, and enforce these policies with the Mobile Settings page in the Google Apps control panel. See Google Apps Mobile Management for more information.

Integrate mobile security apps (all devices)

Level of Effort: Moderate

Decide what mobile apps you need to have your users install on their devices. Many organizations use these two apps to enforce security:

Google Authenticator
If your users are using 2-step verification for extra security when signing in, they need to download the Google Authenticator app on their Android, BlackBerry, or iOS device. See Decide whether to enable 2-step verification (p. 53) for more information on 2-step verification.

Google Apps Device Policy (Android)

The Google Apps Device Policy for Android application allows you to enforce mobile security policies on your users, like requiring your users to set a password on their device, and allowing your IT staff to remotely wipe the device. Learn more about Device Policy Administration for Android.

Global Go Live
Schedule a mobile deployment day
Level of Effort: Low

48

Google Apps Technical Transition Guide

To simplify the process of setting up the rest of your users devices to sync with Google Apps, your IT team should schedule an official mobile deployment day. This allows them to help as many users as possible to configure mobile devices and make sure all necessary applications are installed. Setup instructions for Global Go Live are the same as during the Early Adopter phase.

Staff your mobile deployment day

Level of Effort: Moderate

Your IT team can address the majority of your companys mobile transition issues during your mobile deployment day, which will cut down on mobile-related help desk issues following your transition.

Mobile Configuration

49

50

Google Apps Technical Transition Guide

Chapter 9

User Policies

Chapter 9

Core IT
Determine a web browser policy
Level of Effort: Low

Because Google Apps services are accessed primarily from a browser, you should establish a policy regarding the browser(s) that your IT team supports. Google Chrome provides the best Google Apps experience for both admins and users, with additional features that include the following: Desktop notifications Offline Gmail, along with other extensions available in the Chrome web store Advanced organization-wide policy controls, as described at http:// www.chromium.org/administrators

If your legacy systesm includes web applications that run only on older browsers, you should continue to support an older browser for those applications, along with Google Chrome for Google Apps. Read Supported browsers for information on your browser options.

Set up YouTube for Schools (optional)

Level of Effort: Low

If your organization is a school that blocks access to YouTube from students, consider setting up YouTube for Schools for your domain. YouTube for Schools enables your faculty to allow students access only to specific YouTube videos that are used in the classroom.

51

See the YouTube for Schools homepage (www.youtube.com/schools) for an overview of the YouTube for Schools program. Read How to access YouTube in schools for technical details on enabling YouTube for Schools for your domain.

52

Google Apps Technical Transition Guide

Chapter 10

Authentication and Authorization

Chapter 10

Core IT
Decide whether to add auth services
Level of Effort: Moderate

Google Apps supports authentication and authorization (auth) for your third-party services via OpenID and OAuth. These protocols also enable your users to allow limited access to their data for certain purposes. You can configure your internal services to make use of these protocols with the APIs Google provides. Read Authentication and Authorization for Google APIs to learn more about using OpenID and OAuth in your domain.

Google Apps also supports SAML-based single sign-on (SSO), which you can integrate with your existing LDAP or other SSO system. Single sign-on greatly simplifies the login process for your users, who otherwise need to remember a different set of credentials for each of your internal services. Read SSO (Single Sign-On) to learn more about single sign-on.

You should decide by the end of the Core IT phase exactly whichif anyof these authentication and authorization services you want to implement in your system. Deciding to add one or more of these services later on will result in significant additional work.

Decide whether to enable 2-step verification

Level of Effort: Low

53

If you enable 2-step verification in your domain, you and your users benefit from extra login security. Even if a users password is cracked, guessed, or otherwise stolen, an attacker can't sign in without access to the user's verification codes, which only the user can obtain via their own mobile phone.
Note: Even if you enable 2-step verification for your domain, it is opt-in per user.

It is recommended that you enable 2-step verification for your domain. Read Getting started with 2-step verification for more information.

Early Adopters
Test auth services (optional)
Level of Effort: Moderate

to High

If you decided to implement one or more auth services during the Core IT phase, now is the time to do so in a limited scope. Walk your early adopters through any new processes and make sure they can access everything they should be able to (and make sure they cant access anything they shouldnt be able to). Based on your experience with your early adopters, draft documentation that will help the rest of your users make the transition to your new auth processes.

Global Go Live
Launch auth services (optional)
Level of Effort: Moderate

Now that youve performed a dry run of any new auth services with your early adopters, youre ready to deploy them to your entire company. Do so alongside the rest of your go-live initiatives, and make sure to provide users with the information they need to access new services.

54

Google Apps Technical Transition Guide

Chapter 11

Post-Transition Topics

Chapter 11

After your Google Apps transition is complete, take a look at the following resources to learn more about what you and your users can do to get the most out of Google Apps.

Keep up with whats new

Google Apps is adding exciting new features all the time. Visit the Google Apps Whats New Page to learn about upcoming releases, and register for live instructional webinars.

Become a Google Apps expert

Some of the advanced collaborative capabilities of Google Apps can fly under the radar. Delegated mailboxes, email aliases, and document collections are just a few of the features that set Google Apps apart. Read Deployment Special Topics for more information on advanced collaboration with Google Apps. Visit the Google Apps Learning Center for all kinds of great resources on getting the most out of Google Apps.

55

Learn more about mobile configuration

You may want to fine-tune your mobile configuration following your transition, or add support for another type of mobile device. Read Set mobile device policies to learn more about additional mobile configuration options:

Consult the Google Apps Help Center

If you encounter an issue with Google Apps after your transition, be sure to consult the Google Apps Admin Help Center for a resolution. The Help Center contains numerous troubleshooting articles, along with a support forum that lets you receive help from other Google Apps admins.

56

Google Apps Technical Transition Guide